Security News

Troy Hunt, the security expert who runs the breach notification website Have I Been Pwned, announced late last week that he is preparing to release the code behind the site as open source. Hunt says the time has come for the project to evolve into open source, especially given that community contributions to Have I Been Pwned have increased significantly of late.

Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa, a tool that looks at how data flows through the code and helps developers prevent data flowing into places it shouldn't. "Pysa tracks flows of data through a program. The user defines sources as well as sinks," Facebook security engineer Graham Bleaney and software engineer Sinan Cepel explained.
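Pysa's own code is not on this page; as an added illustration (not Facebook's code), here is a toy intra-procedural taint tracker over Python's `ast` that does what the quote describes: the user declares sources and sinks, taint is propagated through assignments, concatenation and f-strings, and a finding is reported whenever tainted data reaches a sink. The `SOURCES`, `SINKS` and `SANITIZERS` sets are assumptions standing in for what a real Pysa user writes in `taint.config` and `.pysa` model files, and the `SAMPLE` program is constructed for the example.

```python
import ast

# Hypothetical taint specification (assumption): a real Pysa run declares these
# in taint.config and .pysa model files; here they are plain sets of call names.
SOURCES = {"input", "request.args.get", "request.form.get"}
SINKS = {"os.system", "subprocess.call", "eval", "cursor.execute"}
SANITIZERS = {"shlex.quote", "int"}


def dotted_name(node):
    """Render a call target such as os.system or request.args.get as a string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def taint_of(expr, tainted):
    """Set of source names whose data reaches `expr`, given the tainted locals."""
    if isinstance(expr, ast.Call):
        name = dotted_name(expr.func)
        if name in SOURCES:
            return {name}
        if name in SANITIZERS:
            return set()              # a sanitizer call breaks the flow
    if isinstance(expr, ast.Name):
        return set(tainted.get(expr.id, ()))
    found = set()                     # propagate through +, f-strings, tuples, other calls
    for child in ast.iter_child_nodes(expr):
        found |= taint_of(child, tainted)
    return found


def statements(body):
    """Yield statements in source order, descending into nested blocks."""
    for stmt in body:
        yield stmt
        for field in ("body", "orelse", "finalbody"):
            yield from statements(getattr(stmt, field, []))
        for handler in getattr(stmt, "handlers", []):
            yield from statements(handler.body)


def own_expressions(stmt):
    """Expressions belonging to `stmt` itself, excluding nested statement blocks."""
    for field, value in ast.iter_fields(stmt):
        if field in ("body", "orelse", "finalbody", "handlers"):
            continue
        if isinstance(value, ast.AST):
            yield value
        elif isinstance(value, list):
            yield from (v for v in value if isinstance(v, ast.AST))


def analyze(source_code):
    """Return (function, line, source, sink) for every source-to-sink flow found."""
    findings = []
    tree = ast.parse(source_code)
    for func in ast.walk(tree):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = {}                  # local name -> set of sources reaching it
        for stmt in statements(func.body):
            # 1. does a sink call in this statement receive tainted data?
            for expr in own_expressions(stmt):
                for node in ast.walk(expr):
                    if isinstance(node, ast.Call) and dotted_name(node.func) in SINKS:
                        args = node.args + [kw.value for kw in node.keywords]
                        reaching = set().union(*(taint_of(a, tainted) for a in args))
                        for src in sorted(reaching):
                            findings.append((func.name, node.lineno, src, dotted_name(node.func)))
            # 2. update the taint state; a plain reassignment overwrites, so
            #    `x = int(x)` clears taint while `x += tainted` accumulates it
            if isinstance(stmt, ast.Assign):
                t = taint_of(stmt.value, tainted)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        tainted[target.id] = t
            elif isinstance(stmt, ast.AugAssign) and isinstance(stmt.target, ast.Name):
                tainted.setdefault(stmt.target.id, set()).update(taint_of(stmt.value, tainted))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample program (not real application code) exercising the analysis.
SAMPLE = '''
import os, shlex

def ping_unsafe(request):
    host = request.args.get("host")            # source
    cmd = "ping -c 1 " + host                  # taint propagates through +
    os.system(cmd)                             # sink reached -> finding

def ping_safe(request):
    host = shlex.quote(request.args.get("host"))   # sanitizer breaks the flow
    os.system("ping -c 1 " + host)

def lookup(cursor):
    user_id = input("id: ")
    user_id = int(user_id)                     # reassignment through a sanitizer
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))

def render(request):
    expr = request.form.get("expr")
    if expr:
        eval(f"str({expr})")                   # sink inside a branch, via f-string
'''

if __name__ == "__main__":
    for func, line, src, sink in analyze(SAMPLE):
        print(f"{func}:{line}: {src} -> {sink}")
```

Only locals assigned inside a function are tracked, so a function parameter is not treated as tainted unless it is listed as a source; Pysa handles that, plus calls across functions and classes, which is exactly the part a toy like this leaves out.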

Fully opening the door for people to contribute to, and notably tinker with, the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt. Since an appropriate buyer did not turn up, the next plan is to open up the service's code base.

Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation tool, which now maps its findings to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework. Infection Monkey is a self-propagating testing tool that hundreds of IT teams around the world use to check adherence to zero trust and to find weaknesses in their on-premises and cloud data centers.

At a Wednesday session at Black Hat USA 2020, researchers from FireEye demonstrated how freely available, open source tools offering pre-trained natural language processing, computer vision and speech recognition models can be used to create malicious synthetic media. Social media platforms set a low bar for credibility and give content a path to going viral, which lets anyone circulate fake media that is believable.

PE Tree, an open source malware reverse-engineering tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity community. PE Tree lets malware analysts view Portable Executable files in a tree view; it is built on pefile, a multi-platform Python module that parses and works with PE files, and PyQt5, a module used to create graphical user interfaces.
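The headers that a tree view like PE Tree walks are simple enough to parse by hand, and doing so shows what the tool is presenting. The following is an added example, not PE Tree's or pefile's code: a pure-`struct` parser for the DOS pointer, PE signature, COFF header, optional-header magic and section table, with the bounds checks a hostile sample forces on you (a truncated section table, a section whose raw data runs past end of file) and the check analysts look for first, a section mapped writable and executable. The `build_sample_pe` image is constructed for the example and is not a real binary; the field layouts and flag values are the ones from the PE/COFF specification.

```python
import struct

# Section characteristic bits and machine types from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}


def parse_pe(data):
    """Parse e_lfanew, the PE signature, the COFF header, the optional-header
    magic and the section table, validating every offset against the file
    size. Returns a dict; raises ValueError on a malformed image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 2 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sections, warnings = [], []
    for i in range(nsections):
        off = opt + opt_size + i * 40                     # 40-byte IMAGE_SECTION_HEADER
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        wx = bool(flags & IMAGE_SCN_MEM_WRITE) and bool(flags & IMAGE_SCN_MEM_EXECUTE)
        if wx:
            warnings.append(f"{name} is writable and executable")
        if raw_ptr + raw_size > len(data):
            warnings.append(f"{name} raw data runs past end of file")
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size,
                         "flags": flags, "wx": wx})
    return {"machine": machine, "pe32plus": magic == 0x20B, "timestamp": timestamp,
            "characteristics": chars, "sections": sections, "warnings": warnings}


def render_tree(pe):
    """Indented, PE Tree-style text view of the parsed headers."""
    lines = [f"PE image ({MACHINES.get(pe['machine'], hex(pe['machine']))}, "
             f"{'PE32+' if pe['pe32plus'] else 'PE32'})",
             f"  COFF header: {len(pe['sections'])} sections, "
             f"characteristics {pe['characteristics']:#06x}",
             "  Sections"]
    for s in pe["sections"]:
        perm = ("W" if s["flags"] & IMAGE_SCN_MEM_WRITE else "-") + \
               ("X" if s["flags"] & IMAGE_SCN_MEM_EXECUTE else "-")
        lines.append(f"    {s['name']:<8} VA={s['vaddr']:#x} VSize={s['vsize']:#x} "
                     f"Raw@{s['raw_ptr']:#x}+{s['raw_size']:#x} [{perm}]")
    lines.extend(f"  ! {w}" for w in pe["warnings"])
    return "\n".join(lines)


def build_sample_pe():
    """Constructed minimal PE32+ image (not a real binary): two sections, the
    second deliberately marked writable+executable to trigger the check."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x0022)
    optional = struct.pack("<H", 0x20B) + bytes(240 - 2)            # PE32+ magic, rest zero

    def section(name, vsize, vaddr, raw_size, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size, raw_ptr,
                           0, 0, 0, 0, flags)

    secs = section(b".text", 0x100, 0x1000, 0x200, 0x200, 0x60000020)   # CODE|EXEC|READ
    secs += section(b".data", 0x50, 0x2000, 0x200, 0x400, 0xE0000040)   # IDATA|EXEC|READ|WRITE
    image = dos + b"PE\0\0" + coff + optional + secs
    return image + bytes(0x600 - len(image))                        # pad so raw ranges fit


if __name__ == "__main__":
    print(render_tree(parse_pe(build_sample_pe())))
```

Run it on a real file by replacing `build_sample_pe()` with the file's bytes; for anything beyond the section table (imports, resources, rich header, authenticode) use pefile, which is what PE Tree itself wraps.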

BlackBerry on Monday announced a new open source tool, called PE Tree, to help security teams reverse engineer malware. BlackBerry said the free tool was initially developed for internal use but has now been released as an additional tool for reverse engineers to have in their arsenal.

The newly formed Open Source Security Foundation includes technology titans such as Google, Intel, Microsoft and IBM. The Linux Foundation today announced its creation.

The OpenSSF consolidates several pre-existing efforts in the same space and intends to bring the Open Source Security Coalition and the Core Infrastructure Initiative under one roof. The CII is an existing Linux Foundation project with wide support, including from AWS, Facebook, Huawei, Cisco, Intel, Qualcomm and VMware, as well as most of the OpenSSF founder members mentioned above.

The Linux Foundation announced the formation of the Open Source Security Foundation, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community with targeted initiatives and best practices. It combines efforts from the Core Infrastructure Initiative, GitHub's Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.